Responsibilities Documentation and Runbook Development · Develop and maintain detailed documentation and playbooks for daily, weekly, and monthly information security operations, including incident response procedures and system maintenance tasks. · Create and update checklists for operational tasks, such as patch management, vulnerability scans, and access control reviews. · Format and standardize information security policies, procedures, and guidelines for clarity and accessibility. Logging and Alert Configuration · Configure logging mechanisms for security tools (e.g., Graylog, NXLog, Logstash FortiAnalyzer) to capture relevant security events and system activities. · Set up and fine-tune alert rules for real-time detection of security incidents, such as unauthorized access attempts or anomalous network traffic. · Monitor and validate log integrity and retention policies to ensure compliance with organizational and regulatory requirements. Creating Automations and Workflows · Develop automated scripts (e.g., using Python or PowerShell) to streamline repetitive security tasks, such as log analysis, vulnerability scanning, and report generation. · Create workflows to automate incident response processes, including ticket creation, escalation, and notification for security events. · Integrate automation tools with existing security platforms (e.g., SIEM, ticketing systems) to improve operational efficiency and reduce response times. Risk and Compliance Support · Collect and organize data for risk assessments, including asset inventories, vulnerability scan results, and threat intelligence feeds. · Support compliance audits by preparing documentation and evidence for frameworks like IRS Publication 1075 and PCI DSS. · Track and report on remediation efforts for identified vulnerabilities and compliance gaps. Data Reporting and Metrics · Collect and analyze data from security tools (e.g., firewalls, IDS/IPS, endpoint protection platforms) to generate metrics on vulnerabilities, incidents, and system performance. · Develop automated scripts (e.g., using Python or PowerShell) to streamline data collection and reporting processes. Operational Support: · Assist in the execution of operational tasks, such as user access reviews, security patch verification, and backup validation. · Support the ISO in coordinating incident response drills and tabletop exercises. · Perform additional tasks as directed to support information security initiatives. Education · Bachelor’s degree in Information Technology, Cybersecurity, Computer Science, or a related field preferred. Technical Skills · Strong working knowledge of computer networks, Windows, and Linux. · Proficiency in configuring and managing SIEM tools. · Experience with scripting languages (e.g., Python, PowerShell) for automation and data processing. · Familiarity with security tools, such as firewalls, IDS/IPS, endpoint detection and response EDR), and vulnerability scanners (e.g., Nessus). · Experience as a database administrator (Oracle/SQL Server/Postgres) a plus. Soft Skills · Strong attention to detail and documentation skills. · Ability to communicate technical concepts clearly to non-technical stakeholders. · Strong organizational and time-management skills. Preferred Knowledge · Understanding of information security frameworks (e.g., NIST, CIS). · Familiarity with compliance requirements (IRS Pub 1075, PCI DSS). · Experience with data visualization tools (Excel). Certifications (preferred but not required) · CompTIA Security+, Certified Information Systems Security Professional (CISSP), or equivalent.